Give your Django pony a security checkup.

Are you running a Django website? Security can be tricky business, and it's easy to forget something.


Results are only reliable for Django websites.

What is this?

Erik's Pony Checkup is an automated security checkup for Django
websites. There are several security practices that can easily be probed from the outside, and this is what
Erik's Pony Checkup looks for.

Knowing what's wrong is only the first step:
Erik's Pony Checkup helps by explaining not just the risks, but also how to best fix an issue.

This is by no means a perfect system. This is not a replacement for a full security audit. But it is a
simple and fast way of seeing the basic pressing issues. Do note that there are many vulnerabilities which
cannot be detected in this way, like SQL injection or XSS.

Why did you build this?

To help the ordinary developer
with securing their Django projects.
In June 2012, I spoke at DjangoCon EU
about Building secure Django websites
(video/slides)
which met with a great response. I was inspired to build this tool by Jessica McKellar's
keynote, in which
she explained how hard all this can be for people new to Django.

In addition, many experienced Django developers approached me after my talk to admit that they had made
some of the errors I mentioned. Someone even made a serious error on stage the next day. This, combined with the fact
that quite a few things can easily be checked remotely with a few HTTP requests, inspired me to build this.

Who built this?

Built by Erik Romijn. Source on GitHub.
Reports generated by this tool have a margin of error and are not meant to replace serious security audits.
Note that this report provides tips on how to improve
security, and does not indicate whether a web app has been compromised.
Logo based on
Armored Knight Pony by Fureox.